It is our objective to develop short, sharp policy documentation that is tailored to different business users and admin teams. One size does not fit all and it is critical to be able to confirm that policies have been read and understood.
Our work is informed by the following:
- Confirmation of corporate Cyber Security Policy requirements;
- Alignment of policy objectives to support business objectives, taking full account of business vision such as the ‘move to cloud’;
- Creation of policy documentation both strategic in terms of top-level policy and focus area specific, to underpin the identification of technical security control requirements;
- Development of user and system specific policies and security operating procedures;
- Review of supplier security policy and effectiveness of its application;
- Integration and alignment of new policies with existing internal documentation;
- Policy communication and awareness and measuring effectiveness.